Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
DropCam Vulnerable To Hijacking
Newest First  |  Oldest First  |  Threaded View
Kelly Jackson Higgins
Kelly Jackson Higgins,
User Rank: Strategist
7/17/2014 | 12:04:26 PM
DropCam CEO and co-founder responds
Physical access is definitely the bottom line with this research, as the Synack guys said in the story. 

I just added comments from DropCam CEO and co-founder Greg Duff, who reiterates that as well. See updated section of the article. Thanks!
SgS125
SgS125,
User Rank: Ninja
7/16/2014 | 9:39:29 AM
Re: HA! That's a lot of bunk. GET YOUR FACTS STRAIGHT
Ok I give, what exactly is a "facebook hacker".

Long rant with little substance.

My original comment would have been, if I have physical access to any device it's game over, and the device can be mesed with.  Really is'nt that true for any device, even ATM machines, Doors, Cars?

Oh well I still really want to know what the heck a facebook hacker is.

 

 
Kelly Jackson Higgins
Kelly Jackson Higgins,
User Rank: Strategist
7/16/2014 | 9:21:38 AM
UPDATE
I confirmed with DropCam last night that they have patched the Heartbleed client-side bug, and users get the updates automatically.
Kelly Jackson Higgins
Kelly Jackson Higgins,
User Rank: Strategist
7/15/2014 | 4:01:48 PM
Re: DropCam fixes in the works
Just got a message that I will be talking to DropCam this evening. =)

Sara, there have been no known attacks that the researchers know of. It would require the attacker to gain physical access to the device, of course.
Kelly Jackson Higgins
Kelly Jackson Higgins,
User Rank: Strategist
7/15/2014 | 3:59:32 PM
Re: DropCam fixes in the works
I have not yet spoken directly with DropCam. I've been trying. =) They indicated they would talk to me yesterday, but no word yet and I don't know how they've handled this with their customers. It depends if they've got a software update/patch ready, which was unclear to the researchers as of yesterday.
Sara Peters
Sara Peters,
User Rank: Author
7/15/2014 | 3:53:00 PM
Oh my
"The bottom line is that a targeted DropCam could be hijacked to steal information and to wage other attacks."  Is there anything that can't be hijacked anymore? 

Kelly have the researchers given any indication of how prevalent/likely this kind of attack is? Is it mainly theoretical at this point?
Marilyn Cohodas
Marilyn Cohodas,
User Rank: Strategist
7/15/2014 | 3:48:07 PM
DropCam fixes in the works
I'm glad to read that they are working on fixes, but have they notified consumers of the probllem?
YewN926
YewN926,
User Rank: Apprentice
7/15/2014 | 3:31:59 PM
HA! That's a lot of bunk. GET YOUR FACTS STRAIGHT
It is a travesty to the world of technology that articles like this are posted, just when Dropcam gets some attention, you want to suck some of it for yourself. Well, go ahead and keep on sucking. And, how safe is your site, by the way, Facebook hackers out there be advised, DARKreading can be exposed to the light of day- Oh Yeah, but who really cares? No reason for DARKreading writers to come out of their safety closet....Their articles of fiction and name-dropping B (NOT C+) players are not a real market grabbing commodity, dream on, you, whoever you are I can't remember the author's name. I see your video java stuff is all messed up - could you be forgetting to test on a variety of browsers? Go back to grammar school..


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Practical Network Security Approaches for a Multicloud, Hybrid IT World
The report covers areas enterprises should focus on for their multicloud/hybrid cloud security strategy: -increase visibility over the environment -learning cloud-specific skills -relying on established security frameworks -re-architecting the network
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-30333
PUBLISHED: 2022-05-09
RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.
CVE-2022-23066
PUBLISHED: 2022-05-09
In Solana rBPF versions 0.2.26 and 0.2.27 are affected by Incorrect Calculation which is caused by improper implementation of sdiv instruction. This can lead to the wrong execution path, resulting in huge loss in specific cases. For example, the result of a sdiv instruction may decide whether to tra...
CVE-2022-28463
PUBLISHED: 2022-05-08
ImageMagick 7.1.0-27 is vulnerable to Buffer Overflow.
CVE-2022-28470
PUBLISHED: 2022-05-08
marcador package in PyPI 0.1 through 0.13 included a code-execution backdoor.
CVE-2022-1620
PUBLISHED: 2022-05-08
NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input.